Lucene search
K
AmdEpyc 7502 Firmware

73 matches found

CVE
CVE
added 2022/03/11 5:54 p.m.455 views

CVE-2021-26401

CVE-2021-26401 concerns Spectre Variant 2 mitigation on AMD CPUs. The description states that LFENCE/JMP mitigation (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD processors. AMD advisories (AMD-SB-1040 and AMD-SB-1036) discuss mitigations and supported approaches: use ...

5.6CVSS6.5AI score0.00288EPSS
CVE
CVE
added 2023/07/24 7:38 p.m.397 views

CVE-2023-20593

CVE-2023-20593 is described as a vulnerability in AMD/Zen 2 microarchitectural behavior that could allow an attacker to access sensitive information under specific conditions. In the provided documents, the description is broad and does not list concrete affected products, versions, root cause de...

5.5CVSS7.2AI score0.05794EPSS
CVE
CVE
added 2022/07/12 3:50 p.m.393 views

CVE-2022-29900

CVE-2022-29900 describes mis-trained branch predictions for return instructions that may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Connected advisories confirm this affects Linux-kernel components (e.g., linux-5.10 in Astra Linux; multiple Am...

6.5CVSS7.3AI score0.03764EPSS
CVE
CVE
added 2022/07/14 7:27 p.m.391 views

CVE-2022-23825

CVE-2022-23825 affects AMD processors where branch-predictor aliases can cause misclassification of branches, potentially exposing information. The connected advisories show Linux kernel mitigations are being released for Amazon Linux 2/ALAS kernels (e.g., ALAS2KERNEL-5.10-2025-086 and ALAS2KERNE...

6.5CVSS6.8AI score0.00785EPSS
CVE
CVE
added 2022/03/11 5:54 p.m.337 views

CVE-2021-26341

CVE-2021-26341 affects AMD CPUs; transient execution beyond unconditional direct branches may leak data. Public details describe local access risk with low NVD CVSS v2 but medium CVSS v3.1 (6.5) and local attack vector. Connected advisories (MiracleLinux, IBM/Red Hat and others) mention this CVE ...

6.5CVSS7.2AI score0.00316EPSS
CVE
CVE
added 2023/02/14 7:34 p.m.251 views

CVE-2022-27672

CVE-2022-27672 describes a local information disclosure vulnerability on certain AMD CPUs where, when SMT is enabled, the processor may speculatively execute instructions using a target from the sibling thread after an SMT mode switch. The underlying issue is tied to speculative execution across ...

4.7CVSS6.3AI score0.00289EPSS
CVE
CVE
added 2022/11/09 8:48 p.m.241 views

CVE-2022-23824

Summary: CVE-2022-23824 is listed as a Xen-related vulnerability in Debian security advisories and Gentoo GLSA, indicating multiple vulnerabilities in the Xen hypervisor that could lead to privilege escalation, denial of service, or information leaks. The Debian entry explicitly groups CVE-2022-2...

5.5CVSS5.6AI score0.00586EPSS
CVE
CVE
added 2023/11/14 6:54 p.m.196 views

CVE-2023-20592

CVE-2023-20592 covers AMD CPUs where improper behavior of the INVD instruction could let a malicious hypervisor affect cache line write-back and potentially compromise guest VM memory integrity. Public documents in the connected set describe the issue across multiple IBM Power HMC/LINUX-firmware ...

6.5CVSS6.5AI score0.01018EPSS
CVE
CVE
added 2022/06/15 7:13 p.m.157 views

CVE-2022-23823

CVE-2022-23823 describes a timing-attack information disclosure risk on AMD processors with DVFS. Connected sources show F5 advisories (K43357358) tying Hertzbleed to BIG-IP on AMD CPUs, listing affected BIG-IP branches (e.g., 17.x up to 17.5.03) with “Will not fix” for some lines, and provide a ...

6.5CVSS6AI score0.01044EPSS
CVE
CVE
added 2022/05/11 4:16 p.m.129 views

CVE-2021-26350

The CVE-2021-26350 entry describes a TOCTOU race in the AMD System Management Unit (SMU) that could allow a caller to obtain and manipulate the address of a message port register, potentially causing denial of service. The linked SUSE/SUSE-SU advisories enumerate this vulnerability alongside othe...

4.7CVSS5.3AI score0.00133EPSS
CVE
CVE
added 2023/01/10 7:46 p.m.127 views

CVE-2021-26316

CVE-2021-26316 describes a BIOS-level input/communication buffer validation flaw in AMD platforms that may allow a local attacker with low privileges to tamper BIOS buffers and trigger SMM (System Management Mode) arbitrary code execution. Connected sources confirm the root cause is inadequate va...

7.8CVSS8AI score0.00256EPSS
CVE
CVE
added 2022/05/11 4:18 p.m.127 views

CVE-2021-26372

CVE-2021-26372 is present in multiple SUSE kernel-firmware advisories (e.g., SUSE-SU-2022:1840/1846/1847-1) as part of a set of issues affecting the System Management Unit (SMU) and AMD-related firmware. The core issue is insufficient bound checks related to PCIE in the SMU, which could allow acc...

5.5CVSS5.8AI score0.00212EPSS
CVE
CVE
added 2022/05/11 4:28 p.m.122 views

CVE-2021-26376

CVE-2021-26376 is referenced across multiple SUSE kernel-firmware advisories (SUSE-SU-2022-1840/1846/1847-1, etc.) as part of a family of SMU flaws. The description in the CVE entry states that insufficient checks in the System Management Unit (SMU) FeatureConfig may reenforce features and cause ...

5.5CVSS5.9AI score0.00212EPSS
CVE
CVE
added 2022/05/11 4:22 p.m.117 views

CVE-2021-26347

CVE-2021-26347 is referenced in several advisories as part of AMD/ kernel-firmware updates. The description states a failure to validate the integer operand in the AMD Secure Processor bootloader could allow an integer overflow in the L2 directory table in SPI flash, potentially causing a denial ...

4.7CVSS5.5AI score0.00188EPSS
CVE
CVE
added 2022/05/11 4:20 p.m.113 views

CVE-2021-26375

Technical details for CVE-2021-26375 are not publicly provided in the supplied documents; no affected products, exploit vectors, or fixes are stated here. Monitor for updates from the listed advisories.

5.5CVSS5.8AI score0.00217EPSS
CVE
CVE
added 2022/05/11 4:40 p.m.112 views

CVE-2021-46744

Technical details about CVE-2021-46744 are not publicly provided in the supplied Connected documents. The initial entry mentions a SEV data-inference risk on AMD SEV guests, but no product/version/root-cause/fix is given here. Monitor for updates.

6.5CVSS6.3AI score0.00328EPSS
CVE
CVE
added 2022/05/11 4:29 p.m.107 views

CVE-2021-26388

CVE-2021-26388 matches the initial description: improper validation of the BIOS directory can cause reads beyond the RAM directory table, exposing out-of-bounds memory and potentially causing a denial of service. Connected advisories (SUSE-SU-2022:1840-1, 1846-1, 1847-1) reference this CVE as par...

5.5CVSS5.8AI score0.00212EPSS
CVE
CVE
added 2022/05/11 4:23 p.m.105 views

CVE-2021-26378

CVE-2021-26378 is an SMU (System Management Unit) bound-check issue that can cause denial of service by exposing invalid address space. The descriptor in the initial document states only a bound-check deficiency in the SMU leading to DoS, with CVSS v3.1 base score 5.5 (Local, Low privileges requi...

5.5CVSS5.8AI score0.00212EPSS
CVE
CVE
added 2022/05/11 4:25 p.m.98 views

CVE-2021-26364

CVE-2021-26364 affects a system with insufficient bounds checking in an SMU mailbox register, potentially allowing reading beyond the SRAM address range and triggering an exception handling path that could cause a denial of service. The description in the CVE notes this could occur locally and co...

5.5CVSS5.7AI score0.00208EPSS
CVE
CVE
added 2022/05/11 4:27 p.m.97 views

CVE-2021-26373

CVE-2021-26373 involves insufficient bound checks in the System Management Unit (SMU) that can cause a system voltage malfunction and potentially deny resources or service. The connected advisories (SUSE kernel-firmware updates SUSE-SU-2022:1840/1846/1923 and related OpenVAS entries) indicate thi...

5.5CVSS5.9AI score0.00212EPSS
CVE
CVE
added 2022/05/10 6:22 p.m.96 views

CVE-2021-26408

The CVE-2021-26408 issue affects AMD SEV-legacy firmware, where insufficient validation of elliptic curve points during SEV-legacy guest migration could lead to loss of guest integrity or confidentiality. This is rooted in inadequate point validation within SEV-legacy firmware. According to the c...

7.1CVSS7.1AI score0.00259EPSS
CVE
CVE
added 2022/05/10 6:25 p.m.92 views

CVE-2021-26370

Summary: CVE-2021-26370 describes an improper validation of the destination address in AMD EPYC UApp/ABL handling via SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB. Affected product/area: AMD EPYC server processors featuring UApp/ABL (as described in related sources). The issue conc...

7.1CVSS7.1AI score0.00222EPSS
CVE
CVE
added 2023/11/14 6:52 p.m.90 views

CVE-2023-20521

CVE-2023-20521 describes a TOCTOU flaw in the AMD ASP Bootloader that could let an attacker with physical access tamper SPI ROM records after memory verification, risking confidentiality loss and potential DoS. Connected sources (SUSE kernel-firmware updates and AMD/SUSe advisories) confirm this ...

5.7CVSS6.1AI score0.00257EPSS
CVE
CVE
added 2021/11/16 6:11 p.m.89 views

CVE-2020-12954

CVE-2020-12954 relates to an AMD Platform Security Processor (ASP) boot loader header where improper input and range validation can allow attacker-controlled values before signature verification, potentially enabling arbitrary code execution and bypassing SPI ROM protections to modify SPI ROM. Th...

5.5CVSS5.9AI score0.00224EPSS
CVE
CVE
added 2021/11/16 5:55 p.m.89 views

CVE-2021-26312

CVE-2021-26312 is addressed in SUSE kernel-firmware updates. The advisory notes that failure to flush the IOMMU TLB may allow an IO device to access memory it should not, potentially compromising integrity. SUSE’s fixes update kernel-firmware to versions 20220411 (AMD microcode updates) and 20220...

5.5CVSS5.8AI score0.00239EPSS
CVE
CVE
added 2023/07/11 6:29 p.m.86 views

CVE-2023-20575

CVE-2023-20575 describes a potential power side-channel vulnerability in some AMD processors that could allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM , potentially leaking sensitive information. The AMD security bull...

6.5CVSS6.3AI score0.00804EPSS
CVE
CVE
added 2022/08/09 8:20 p.m.84 views

CVE-2021-46778

CVE-2021-46778 describes an information-disclosure side-channel vulnerability in AMD CPUs with SMT (Zen 1–Zen 4). The root cause is execution unit scheduler contention on SMT-enabled cores, allowing an attacker to infer data by measuring scheduler-queue contention. Public documents identify affec...

5.6CVSS5.7AI score0.00217EPSS
CVE
CVE
added 2023/05/09 6:59 p.m.83 views

CVE-2021-26371

The CVE-2021-26371 entry concerns AMD Secure Processor (ASP)/AMD System Management Unit (SMU) where a compromised ABL or UApp could trigger a SHA256 system call to the bootloader, potentially exposing ASP memory to userspace and causing information disclosure. Technical details from connected sou...

5.5CVSS7.1AI score0.00189EPSS
CVE
CVE
added 2023/01/10 8:56 p.m.83 views

CVE-2021-26398

CVE-2021-26398 affects the AMD Secure Processor (ASP) via insufficient input validation in SYS_KEY_DERIVE. A compromised user application or ABL may corrupt ASP OS memory, potentially enabling arbitrary code execution. Public details identify the vulnerability and associated risk to ASP/firmware,...

7.8CVSS7.9AI score0.00212EPSS
CVE
CVE
added 2022/02/04 10:29 p.m.82 views

CVE-2020-12966

CVE-2020-12966 corresponds to an information-disclosure vulnerability in AMD EPYC processors’ SEV-ES and SEV-SNP. A local authenticated attacker could leak guest data via the malicious hypervisor. Affected products include AMD EPYC generations with SEV/SEV-ES, with SEV-SNP enabling a mitigation p...

5.5CVSS5AI score0.00313EPSS
CVE
CVE
added 2023/05/09 6:58 p.m.82 views

CVE-2021-26354

CVE-2021-26354 affects AMD’s ASP/Bootloader pathway (ASP/ABL) with Insufficient bounds checking that may allow a system call from a compromised ABL, initializing arbitrary memory to zero and potentially compromising integrity. The vulnerability is documented across multiple sources (NVD entry and...

5.5CVSS7.2AI score0.00178EPSS
CVE
CVE
added 2023/01/10 8:56 p.m.82 views

CVE-2021-26402

CVE-2021-26402 describes insufficient bounds checking in the AMD Secure Processor (ASP) firmware during BIOS mailbox handling, enabling an attacker to write partially controlled data out-of-bounds into SMM or SEV-ES regions and potentially compromise integrity and availability. The issue is discu...

7.1CVSS7.2AI score0.0018EPSS
CVE
CVE
added 2021/11/16 6:1 p.m.81 views

CVE-2020-12946

CVE-2020-12946 affects AMD’s Platform Security Processor (ASP) firmware, where insufficient input validation for discrete TPM commands could cause loss of integrity and denial of service. The issue is discussed in AMD/SUZE bulletins and is addressed by updating to specific AGESA PI software versi...

7.1CVSS7.3AI score0.00218EPSS
CVE
CVE
added 2023/11/14 6:53 p.m.80 views

CVE-2021-26345

CVE-2021-26345 is an AMD ASP/firmware vulnerability where failure to validate the APCB value may allow a privileged attacker with physical access to tamper with the APCB token, forcing an out-of-bounds memory read and potentially causing a denial of service. Public details across SUSE OSV entries...

4.9CVSS6.1AI score0.00434EPSS
CVE
CVE
added 2021/11/16 6:8 p.m.79 views

CVE-2021-26335

CVE-2021-26335 concerns the AMD Secure Processor (ASP) boot loader image header. The issue is improper input and range checking, enabling attacker-controlled values before signature validation and potentially allowing arbitrary code execution. In NVD/AMD documentation, the vulnerability is listed...

7.8CVSS8AI score0.00286EPSS
CVE
CVE
added 2021/11/16 6:4 p.m.79 views

CVE-2021-26336

CVE-2021-26336 concerns AMD System Management Unit (SMU) with insufficient bounds checking that can cause invalid memory accesses/updates, leading to an SMU hang and the system may fail to service further requests from other components. Multiple sources confirm the issue under the SMU and referen...

5.5CVSS6.3AI score0.00212EPSS
CVE
CVE
added 2021/06/11 9:50 p.m.77 views

CVE-2020-12988

CVE-2020-12988 affects AMD EPYC platforms (1st–3rd Gen) per AMD-SB-1021. The DoS issue is described as a hang during system reboot in the integrated chipset/AMD platform components (e.g., ASP/SMU/SEV family). Affected products include 1st Gen EPYC (Naples), 2nd Gen (Rome), and 3rd Gen (Milan) CPU...

7.8CVSS7.2AI score0.01038EPSS
CVE
CVE
added 2021/12/10 9:55 p.m.76 views

CVE-2021-26340

CVE-2021-26340 is a published vulnerability affecting AMD SEV/SEV-ES environments. A malicious hypervisor with an unprivileged attacker process inside a guest VM may fail to flush the TLB, causing unexpected VM behavior and potential loss of integrity and confidentiality. Affected products includ...

8.4CVSS8.2AI score0.00239EPSS
CVE
CVE
added 2023/01/10 8:57 p.m.76 views

CVE-2023-20527

CVE-2023-20527 concerns the AMD Secure Processor (ASP) Bootloader. The issue is an improper syscall input validation in the Bootloader, which may allow a privileged attacker to read memory out-of-bounds, potentially causing a denial-of-service. The CVSS v3.1 metrics indicate Network attack vector...

6.5CVSS6.7AI score0.00595EPSS
CVE
CVE
added 2023/11/14 6:52 p.m.75 views

CVE-2023-20533

CVE-2023-20533 is documented in multiple trusted sources as a vulnerability in the AMD SMU/ASP ecosystem: it describes insufficient DRAM address validation in the System Management Unit (SMU), which may allow a DMA attacker to read/write invalid DRAM addresses and could lead to denial of service....

7.5CVSS7.5AI score0.00499EPSS
CVE
CVE
added 2023/05/09 7:0 p.m.74 views

CVE-2021-46756

CVE-2021-46756 describes insufficient validation of inputs in SVC_MAP_USER_STACK in the AMD Secure Processor (ASP) bootloader. A malicious UApp or ABL could send malformed or invalid syscalls to the bootloader, potentially causing a denial of service and loss of integrity. The AMD security bullet...

9.1CVSS9.1AI score0.00645EPSS
CVE
CVE
added 2023/05/09 6:36 p.m.73 views

CVE-2023-20520

CVE-2023-20520 affects the AMD Secure Processor (ASP) Bootloader. The issue is described as improper access control in the ASP Bootloader which may allow an attacker to corrupt the return address, causing a stack-based buffer overrun and potentially arbitrary code execution. Connected sources ide...

9.8CVSS9.6AI score0.00789EPSS
CVE
CVE
added 2023/05/09 6:36 p.m.71 views

CVE-2021-46763

The CVE-2021-46763 entry concerns AMD components: the AMD Secure Processor (ASP) and AMD System Management Unit (SMU). The root cause is insufficient input validation in the SMU, which may allow a privileged attacker to write beyond the bounds of a shared memory buffer, potentially compromising i...

7.5CVSS7.9AI score0.00494EPSS
CVE
CVE
added 2023/11/14 6:52 p.m.70 views

CVE-2021-46774

CVE-2021-46774 describes insufficient input validation in the AMD ABL, enabling a privileged attacker to perform arbitrary DRAM writes and potentially execute code or escalate privileges. Connected advisories confirm this vulnerability is among issues addressed by AMD/PI firmware updates and kern...

7.5CVSS7.8AI score0.00508EPSS
CVE
CVE
added 2023/05/09 6:58 p.m.69 views

CVE-2021-26356

CVE-2021-26356 describes a TOCTOU vulnerability in the ASP bootloader that can allow tampering with the SPI ROM after memory reads, potentially causing S3 data corruption and information disclosure in AMD Secure Processor/ASP boot scenarios. Affected components include the ASP bootloader within A...

7.4CVSS8.4AI score0.00399EPSS
CVE
CVE
added 2023/05/09 6:36 p.m.69 views

CVE-2021-46762

CVE-2021-46762 is an AMD SMU/ASP input-validation vulnerability: insufficient validation in the System Management Unit (SMU) may allow corruption of SMU SRAM, risking integrity or availability. Affected products include AMD ASP/SMU components in AMD Embedded processors; exploitation details are n...

9.1CVSS6.4AI score0.00349EPSS
CVE
CVE
added 2023/01/10 8:57 p.m.69 views

CVE-2023-20531

CVE-2023-20531 affects the AMD System Management Unit (SMU) in AMD EPYC platforms. The root cause is insufficient bound checks in SMU, allowing an attacker to update SRAM between address spaces to an invalid value, which can lead to a denial of service. Connected documents provide concrete detail...

7.5CVSS7.5AI score0.00616EPSS
CVE
CVE
added 2021/11/16 6:17 p.m.68 views

CVE-2020-12944

CVE-2020-12944 affects AMD Secure Processor (ASP) firmware, where insufficient validation of BIOS image length could allow arbitrary code execution. AMD documentation (AMD-SB-1027/1021) lists affected platforms across desktop, mobile and server AMD systems and provides mitigations via AGESA PI fi...

7.8CVSS8AI score0.00335EPSS
CVE
CVE
added 2023/01/10 8:57 p.m.68 views

CVE-2023-20529

The CVE-2023-20529 issue affects the AMD System Management Unit (SMU) , where insufficient bound checks can allow an attacker to update the sender/receiver address space to an invalid value, potentially causing a denial of service. The vulnerability is tied to SMU/firmware handling and is documen...

7.5CVSS7.5AI score0.00616EPSS
CVE
CVE
added 2021/11/16 5:53 p.m.67 views

CVE-2021-26338

The CVE targets AMD's System Management Unit (SMU) in AMD EPYC processors (1st–3rd Gen) where improper access controls may allow an attacker to override DRAM performance-control tables, risking resource exhaustion. Affected components/versions are stated in AMD’s bulletin AMD-SB-1021 (AGESA mitig...

7.8CVSS7.4AI score0.00897EPSS
Total number of security vulnerabilities73